Configure the H3C switch to set the Security Policy version, and control WEB login users through the source IP address

Source: Internet
Author: User
Tags ssh server


H3C switch configuration instance, with the security policy settings.
1. Allow login through the WEB and set security policies. Use the source IP address to control WEB login users.
2. Use SSH + password authentication (the basic SSH configuration method); see the H3C switch SSH configuration guide. [Telnet is available at the same time.]
3. Change the switch name, the time, and the management IP configuration (IP network management). Basic configuration: change the time, start SSH, change the console port password, close some unneeded services.


Instance:
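sys
sysname <switch name>
management-vlan 1
interface Vlan-interface 1
ip address <management IP> <mask>
quit
ip route 0.0.0.0 0.0.0.0 <gateway>
dis cur
# Interface Aux1/0/0 default
undo ip http shutdown // enable the HTTP (WEB) server
local-user <user name>
service-type telnet level 3
password simple <password> // simple: the password is entered and kept as plaintext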
===
Use SSH + password authentication (basic SSH configuration method).
public-key local create rsa
public-key local create dsa
user-interface vty 0 4
authentication-mode scheme
protocol inbound ssh
local-user <user name>
password cipher <password>
service-type ssh level 3
ssh user <user name> authentication-type password
=== Use the source IP address to control WEB login users. Only WEB users with the IP address x.x.x.x can access the switch through HTTP.
system-view
acl number 2003 match-order config
rule 0 permit source <IP address> 0.0.0.31
rule 1 permit source <IP address> 0.0.0.255
rule 2 permit source <IP address> 0.0.0.255
rule 3 permit source <IP address> 0.0.0.7
rule 4 permit source <IP address> 0.0.0.255
quit
ip http acl 2003
------------------------------------------------------------------------
H3C ACL configuration example: using the source IP address to control WEB login users.
1. Networking requirements
Use the source IP address to control WEB login users. Only WEB users with the IP address 10.110.100.46 can access the switch through HTTP.
2. Networking Diagram


3. Configuration steps
# Define basic ACL 2001.
<Sysname> system-view
[Sysname] acl number 2001 match-order config
[Sysname-acl-basic-2001] rule 1 permit source 10.110.100.46 0
[Sysname-acl-basic-2001] quit
# Configure the WEB server to reference basic ACL 2001 to control WEB login users.
[Sysname] ip http acl 2001
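How a basic ACL bound with ip http acl decides a WEB login, as an added example that is not part of the original page: under match-order config the rules are checked in rule-ID order, a source matches when it equals the rule address on every bit the wildcard leaves at 0, and a source that matches no rule is refused. Rules 5 and 10, the 192.0.2.x addresses and the function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample: rule 1 is the page's ACL 2001 rule; rules 5 and 10 are
# hypothetical additions that show a deny rule and a wildcard-mask rule.
SAMPLE_ACL = """\
acl number 2001 match-order config
 rule 1 permit source 10.110.100.46 0
 rule 5 deny source 192.0.2.200 0
 rule 10 permit source 192.0.2.192 0.0.0.31
"""

RULE_RE = re.compile(
    r"^\s*rule\s+(\d+)\s+(permit|deny)\s+source\s+(\S+)(?:\s+(\S+))?\s*$", re.I)

def parse_basic_acl(text):
    """Return (rule_id, action, base, wildcard) tuples in rule-ID order."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.match(line)
        if not m:
            continue  # the 'acl number' header and unrelated lines
        rule_id, action, addr, wc = m.groups()
        if addr.lower() == "any":
            base, wildcard = 0, 0xFFFFFFFF
        else:
            base = int(ipaddress.IPv4Address(addr))
            # A wildcard of "0" means an exact host match (0.0.0.0).
            wildcard = 0 if wc in (None, "0") else int(ipaddress.IPv4Address(wc))
        rules.append((int(rule_id), action.lower(), base, wildcard))
    return sorted(rules)

def web_login_allowed(rules, client_ip):
    """First matching rule decides; no match means the login is refused."""
    ip = int(ipaddress.IPv4Address(client_ip))
    for rule_id, action, base, wildcard in rules:
        # Only bits where the wildcard is 0 have to be equal.
        if ((ip ^ base) & ~wildcard & 0xFFFFFFFF) == 0:
            return action == "permit", rule_id
    return False, None

if __name__ == "__main__":
    acl = parse_basic_acl(SAMPLE_ACL)
    for ip in ("10.110.100.46", "192.0.2.200", "192.0.2.193", "192.0.2.224"):
        print(ip, web_login_allowed(acl, ip))
```

Running a planned rule set through this before binding it shows which management stations would lose WEB access.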
------------------------------------------------------------------------
H3C Command record description comments
------------------------------------------------------------------------
clock datetime 15:02:00 05/03/2011
system
public-key local create rsa // generate a local RSA key pair
rsa local-key-pair create
/**/
H3C and layer-3 Switch RSA key generation command
H3C: public-key local create rsa
rsa local-key-pair create
/**/
local-user admin // set the user name to admin
password cipher <SSH password>
service-type ssh // set the service type to ssh
level 3 // set the user priority to 3
/**/
service-type ssh level 3 // create a local user whose service type is ssh
/**/
authorization-attribute level 3 // it is important to set the user level to the highest level, 3
state active // activate this user
quit
user-interface vty 0 15
authentication-mode scheme // set scheme authentication as the authentication mode
protocol inbound ssh
user privilege level 3 // user level 3 is management
quit
ssh server enable // enables the SSH server function; undo ssh server enable disables it. By default, the SSH server function is disabled.
ssh user admin authentication-type password // configure the SSH user authentication method as password
user-interface aux 0 // enter the AUX user interface
authentication-mode password
set authentication password cipher <console port password> // the three lines above configure console login, which needs only the password and no user name
undo ip http enable
ip http shutdown
/**/
undo ip http shutdown enables the HTTP server.
The ip https enable command is used to enable the HTTPS service.
The undo ip https enable command is used to disable the HTTPS service.
HTTP server
Enable the HTTP server: undo ip http shutdown
Disable the HTTP server: ip http shutdown
The ip http enable command is used to start the WEB server.
The undo ip http enable command is used to disable the WEB server.
By default, the WEB server is enabled.
/**/
undo ip https enable
undo ip ttl-expires
undo ip unreachables
Basic configuration: change the time, start SSH, change the console port password, close some unneeded services.

Configure IP Network Management
sys
management-vlan 1
interface Vlan-interface 643 // interface Vlan-interface 1
ip address <IP address used by the network administrator>
quit
ip route 0.0.0.0 0.0.0.0 <network management IP gateway>
H3C does not enable the HTTP server by default. If it is not enabled, run the undo ip http shutdown command.
------------------------------------------------------------------------
clock datetime 15:02:00 05/03/2011
system
public-key local create rsa // generate a local RSA key pair
rsa local-key-pair create
/**/
H3C and layer-3 Switch RSA key generation command
H3C: public-key local create rsa
rsa local-key-pair create
/**/
local-user admin // set the user name to admin
password cipher <SSH password>
service-type ssh
level 3
authorization-attribute level 3
state active
quit
user-interface vty 0 15
authentication-mode scheme
protocol inbound ssh
user privilege level 3
quit
ssh server enable
ssh user admin authentication-type password
user-interface aux 0
authentication-mode password
set authentication password cipher <console port password>
undo ip http enable
ip http shutdown
undo ip https enable
undo ip ttl-expires
undo ip unreachables
Basic configuration: change the time, start SSH, change the console port password, close some unneeded services.

Configure IP Network Management
management-vlan 1
interface Vlan-interface 643
ip address <network management IP> <mask>
quit
ip route 0.0.0.0 0.0.0.0 <network management IP gateway>
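A small audit over a list of typed commands, as an added example that is not part of the original page: it flags the weak points that separate the first instance above (Telnet service, password simple, WEB server on with no ip http acl) from the SSH-only configuration. The finding names, the function name and both samples are constructed; the commands in the samples are the ones shown on this page, and the HTTP server is assumed off unless a command turns it on.

```python
# Constructed samples built from commands on this page; passwords are placeholders.
WEAK = """\
undo ip http shutdown
local-user admin
 service-type telnet level 3
 password simple EXAMPLE-ONLY
 quit
user-interface vty 0 4
 authentication-mode scheme
 quit
"""
HARDENED = """\
local-user admin
 password cipher EXAMPLE-ONLY
 service-type ssh level 3
 quit
user-interface vty 0 15
 authentication-mode scheme
 protocol inbound ssh
 quit
undo ip http shutdown
ip http acl 2001
"""

def audit(config):  # returns a sorted list of finding names
    findings, section, http_on, http_acl = set(), None, False, False
    vty_ssh_only = {}  # VTY section header -> saw 'protocol inbound ssh'
    for line in (l.strip().lower() for l in config.splitlines()):
        if line.startswith(("local-user ", "user-interface ")):
            section = line
            if line.startswith("user-interface vty"):
                vty_ssh_only[section] = False
        elif line in ("quit", "#"):
            section = None
        elif line.startswith("password simple"):
            findings.add("plaintext-password")
        elif line.startswith("service-type") and "telnet" in line.split():
            findings.add("telnet-service")
        elif line == "protocol inbound ssh" and section in vty_ssh_only:
            vty_ssh_only[section] = True
        elif line in ("undo ip http shutdown", "ip http shutdown"):
            http_on = line.startswith("undo")  # the last command wins
        elif line.startswith("ip http acl "):
            http_acl = True
    if not all(vty_ssh_only.values()):
        findings.add("vty-not-ssh-only")
    if http_on and not http_acl:
        findings.add("http-without-acl")
    return sorted(findings)
```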
------------------------------------------------------------------------
How can I check whether the optical port and electrical port of the H3C S3100 SI switch are enabled or disabled? How do I enable and disable them, and what are the commands?
By default, the electrical port is enabled.
G1/1/1: first electrical port
G1/1/2: first optical port
G1/2/1: second electrical port
G1/2/2: second optical port
Command to enable the optical port:
int g1/1/2
undo shutdown
After the optical port is enabled, the electrical port is closed. To enable the electrical port:
int g1/1/1
undo shutdown
------------------------------------------------------------------------

 

Author: "I am standing on the shoulders of giants, Jimmy Li"

